attach-review-proof
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to transmit local file contents to an external third-party service (proofdrop-mcp) to generate sharing links. The documentation explicitly states that the resulting URLs are public and can be accessed by anyone. This functionality enables the exposure of sensitive local information, such as environment variables, private keys, or configuration files, if the agent is directed to upload them.
- [COMMAND_EXECUTION]: The skill orchestrates the execution of tools that perform local file system reads and network communication to facilitate the file uploads.
Audit Metadata